Am 19.02.2014 um 18:28 schrieb Alexandre DERUMIER <[email protected]>:
>>> INotify does not work with the cluster file system (/etc/pve). > ok, I didn't known. > >>> But we can implement some kind of polling (inside pvestatd). > Yes. (do we need to compute all chains ? or only group chains and update them > if checksum change ?) > > Why not use mtime of the file? Stefan > ----- Mail original ----- > > De: "Dietmar Maurer" <[email protected]> > À: "Alexandre DERUMIER" <[email protected]> > Cc: [email protected] > Envoyé: Mercredi 19 Février 2014 17:51:29 > Objet: RE: hosts.fw and security groups > >>>> Though a bit more about that, and realized that groups.fw is shared >> among all cluster nodes. >>>> >>>> That basically means that the host firewall (node local) is not >>>> updated automatically if the user updates groups.fw (only works for one >> node). >>>> >>>> So this produces unexpected behavior. What do you think about that? >> >> same for tap interface I think. > > Oh, you are right :-( > >> Maybe using inotify to update firewall rules on groups.fw file update ? > > INotify does not work with the cluster file system (/etc/pve). > > But we can implement some kind of polling (inside pvestatd). > _______________________________________________ > pve-devel mailing list > [email protected] > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
